Method and apparatus for entity authentication

US 5,481,611 A
Filed: 12/09/1993
Issued: 01/02/1996
Est. Priority Date: 12/09/1993
Status: Expired due to Term

First Claim

Patent Images

1. A method of authenticating a user attempting access into a host facility from a remote subscriber site, comprising the steps of:

generating a challenge code including a random digital sequence at the host;

encrypting the challenge code by cryptographically applying a key code to said digital sequence to produce a host-encrypted code;

transmitting a modified version of the challenge code by encoding said challenge code into a dual-tone-multi-frequency (DTMF) signal format suitable for transmission to a first electronic device at the subscriber site; and

acoustically coupling the DTMF signal received at the first electronic device at the subscriber site onto a transmission medium in operable communication with a second electronic device at the subscriber site;

encrypting the challenge code at the second electronic device at the subscriber site to produce a user-encrypted code;

transmitting by the second electronic device the user-encrypted code to the first electronic device and transmitting by the first electronic device the user-encrypted code to the host; and

comparing at the host the user-encrypted code to the host-encrypted code and, if a match is found, permitting the user to access the host.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A cryptography-based entity authentication device (EAD) operated by a remote entity located at a subscriber site enables a telephone switch or computer system to identify and verify the authenticity of the entity. In one embodiment, the EAD encrypts a random digital sequence transmitted by a host facility and returns the encrypted signal to the host for comparison with another encryption signal generated locally by the host. If a match is detected, this serves as confirmation that the remote entity possesses the same encryption key as the host, therefore verifying the authenticity of the remote entity. Otherwise, the entity is deemed fraudulent and access is denied. In another embodiment, the host and subscriber site each include a respective time generation means which are maintained in relative time synchronicity. The EAD generates and encrypts a time signal for comparison with another encrypted time signal generated locally by the host. Transmissions between the host and subscriber site occur in a DTMF signal format to ensure compatibility with existing PSTN media.

Citations

19 Claims

1. A method of authenticating a user attempting access into a host facility from a remote subscriber site, comprising the steps of:
- generating a challenge code including a random digital sequence at the host;
  
  encrypting the challenge code by cryptographically applying a key code to said digital sequence to produce a host-encrypted code;
  
  transmitting a modified version of the challenge code by encoding said challenge code into a dual-tone-multi-frequency (DTMF) signal format suitable for transmission to a first electronic device at the subscriber site; and
  
  acoustically coupling the DTMF signal received at the first electronic device at the subscriber site onto a transmission medium in operable communication with a second electronic device at the subscriber site;
  
  encrypting the challenge code at the second electronic device at the subscriber site to produce a user-encrypted code;
  
  transmitting by the second electronic device the user-encrypted code to the first electronic device and transmitting by the first electronic device the user-encrypted code to the host; and
  
  comparing at the host the user-encrypted code to the host-encrypted code and, if a match is found, permitting the user to access the host.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method as recited in claim 1 wherein the step of encrypting the challenge code by the second electronic device at the subscriber site to produce a user-encrypted code includes the steps of:
    - decoding the DTMF signal from said host to recover said digital sequence; and
      
      encrypting the recovered digital sequence to produce a user-encrypted digital code.
  - 3. The method as recited in claim 2 wherein the step of encrypting said digital sequence includes the step of:
    - cryptographically applying a key code to said recovered digital sequence.
  - 4. The method as recited in claim 3 wherein the step of transmitting by the second electronic device the user-encrypted code includes the steps of:
    - acoustically coupling the DTMF signal onto a transmission medium in operable communication with the host facility.
  - 5. The method as recited in claim 4 wherein the comparison step includes the steps of:
    - decoding the DTMF signal transmitted by the first electronic device to recover the user-encrypted digital code; and
      
      comparing said user-encrypted digital code with said host-encrypted digital code.

6. A method of authenticating a user attempting access to a host facility from a subscriber site having two devices located thereat, comprising the steps of:
- at the host,generating a digital sequence;
  
  encrypting the digital sequence;
  
  encoding a duplicate version of the digital sequence into a dual-tone-multi-frequency (DTMF) signal format;
  
  transmitting the DTMF signal to the user site;
  
  at the subscriber site,decoding by a first device the DTMF signal transmitted from the host into said digital sequence;
  
  encrypting by a first device said digital sequence;
  
  encoding by a first advice the encrypted digital sequence into a DTMF signal format;
  
  sending safe DTMF signal format to a second device;
  
  transmitting by the second device the DTMF signal to said host;
  
  at the host,detecting the DTMF signal transmitted from the second device and recovering the user-encrypted digital sequence; and
  
  comparing the host-encrypted digital sequence with the user-encrypted digital sequence to determine if a match condition exists.

7. A system including a subscriber site having a first and second device located there at and a host facility, comprising:
- at the host,signal generation means for generating a random digital code;
  
  encryption means coupled to the signal generation means for encrypting said digital code using a host encryption key;
  
  encoder means coupled to the signal generator means for encoding a duplicate version of said digital code into a dual-tone-multi-frequency (DTMF) signal format;
  
  transmission means coupled to the encoder means for transmitting said DTMF signal to the subscriber;
  
  at the subscriber site,decoder means of a first device for detecting the DTMF signal transmitted from the host and recovering said digital code;
  
  encryption means at said first device coupled to the decoder means for encrypting said digital code using a user encryption key;
  
  encoder means at said first device coupled to the encryption means for encoding said user-encrypted digital code into a DTMF signal format;
  
  sending means at said first device for sending said DTMF signal format to a second device at the subscriber site;
  
  transmission means of said second device, coupled to the encoder means transmitting said DTMF signal to the host;
  
  at the host,decoder means for detecting the DTMF signal transmitted from the second device and recovering said user-encrypted digital code;
  
  comparator means coupled to said host encryption means and said host decoder means for comparing the host-encrypted digital code to said user-encrypted digital code.
- View Dependent Claims (8)
- - 8. The system as recited in claim 7 further comprises request means at the host for prompting said subscriber site for identification;
    - means at the subscriber site responsive to the host prompt for issuing an entity identification (ID) to said host;
      
      storage means at the host including a plurality of entity identifications each correlated with a respective encryption key; and
      
      retrieval means at the host adapted to receive the entity ID issued from the subscriber site and coupled to said storage means for retrieving the encryption key corresponding to said entity ID and supplying said encryption key to said host encryption means.

9. In a communications environment including a host facility and subscriber, said host facility including means for generating a digital code, means for encoding the digital code into a DTMF signal format, and means for transmitting the DTMF signal to said subscriber site, said subscriber site consisting of a first and second device, including an entity authentication apparatus comprising:
- detection means at said second device for acoustically detecting the DTMF signal transmitted from said host;
  
  decoder means coupled to said detection means for recovering the digital code;
  
  encryption means coupled to said decoder means for encrypting said recovered digital code;
  
  encoder means coupled to said encryption means for encoding the subscriber-encrypted digital code into a DTMF signal format; and
  
  transmission means coupled to said encoder means for acoustically transmitting the DTMF signal to said first devicetransmission means at said first device for transmitting the DTMF signal to said host.
- View Dependent Claims (10, 11)
- - 10. The second device of the communication environment as recited in claim 9 further comprises:
    - storage means for storing an encryption key; and
      
      retrieval means coupled to the storage means andoperable in response to a key request from said encryption means for sending the encryption key to said encryption means.
  - 11. The communication environment as recited in claim 9 wherein said host facility further comprises:
    - host encryption means coupled to said generation means for encrypting a replicate version of said digital code;
      
      host detection means for detecting the DTMF signal transmitted from said subscriber site;
      
      host decoder means coupled to said host detection means for recovering the subscriber-encrypted digital code; and
      
      comparison means coupled to the host encryption means and host decoder means for comparing the subscriber-encrypted digital code to the host-encrypted digital code.

12. A method of authenticating a user attempting access to host facility from a subscriber site, comprising the steps of:
- generating a respective time code representative of time at the host and at the subscriber site;
  
  encoding the host time signal into a host digital time sequence;
  
  encoding the subscriber time signal into a subscriber digital time sequence;
  
  encrypting the respective time codes to produce a host-encrypted time code and a user-encrypted time code at the host and subscriber site, respectively by cryptographically applying a user key to the subscriber digital time sequence and cryptographically applying a host key to the host digital time sequence;
  
  transmitting said user-encrypted time code in a dual-tone-multi-frequency (DTMF) signal format by acoustically coupling the DTMF signal onto a transmission media to said host;
  
  comparing the user-encrypted time code to the host-encrypted time code at the host to determine if a match condition is satisified.
- View Dependent Claims (13)
- - 13. The method as recited in claim 12 wherein the comparison step includes the steps of:
    - decoding the DTMF signal transmitted from the subscriber and recovering said user-encrypted digital time sequence; and
      
      digitally comparing said user-encrypted digital sequence time with said host-encrypted digital time sequence.

14. A system including a host and subscriber site, comprising:
- at the subscriber site,means for generating a time code;
  
  means for encrypting the time code to produce a user-encrypted time code;
  
  means for transmitting the user-encrypted time code to said host;
  
  at the host,means for generating a time code;
  
  means for encrypting the time code to produce a host-encrypted time code;
  
  means for detecting the user-encrypted time code transmitted from said subscriber; and
  
  comparison means for comparing the host-encrypted time code to said user-encrypted time code to determine if a match condition exists.
- View Dependent Claims (15)
- - 15. The system as recited in claim 14 wherein:
    - the generation means at the subscriber site comprisesmeans for producing a signal representative of time, andmeans coupled to said signal production means for encoding the signal into a digital time code;
      
      the transmission means at the subscriber site comprisesaudio means for encoding the digital time code into a dual-tone-multi-frequency (DTMF) signal format, andmeans for acoustically coupling the DTMF signal onto a transmission medium in operable communication with said host;
      
      the generation means at the host comprisesmeans for producing a signal representative of time, andmeans coupled to said signal production means for encoding the signal into a digital time code.

16. In a communications system including a host facility and subscriber site, said subscriber site including an entity authentication apparatus comprising:
- signal generation means for generating a signal representative of time;
  
  digital encoder means for encoding the time signal into a digital signal;
  
  encryption means for encrypting the digital signal to produce a user-encrypted time code;
  
  audio encoder means for converting the user-encrypted time code into a dual-tone-multi-frequency (DTMF) signal format; and
  
  transmission means for transmitting the DTMF signal to the host site.
- View Dependent Claims (17, 18, 19)
- - 17. The entity authentication apparatus as recited in claim 16 wherein the host facility comprises:
    - signal generation means for generating a signal representative of time;
      
      digital encoder means for encoding the time signal into a digital signal;
      
      decoder means for encrypting the digital signal to produce a host-encrypted time code;
      
      detection means for detecting the DTMF signal transmitted from the subscriber site and recovering the user-encrypted time code; and
      
      comparison means for comparing the host-encrypted time code to the user-encrypted time code.
  - 18. The entity authentication apparatus as recited in claim 17 wherein:
    - the encryption means of said entity authentication apparatus comprisesmeans for storing an encryption key; and
      
      cryptography means coupled to said storage means and said digital encoder-means for retrieving the encryption key and cryptographically applying the key to said digital signal.
  - 19. The entity authentication apparatus as recited in claim 18 wherein:
    - the host facility further comprisesmeans for prompting the subscriber site for entity identification (ID);
      
      storage means for storing a plurality of entity identifications each associated with a respective host encryption key;
      
      the entity authentication apparatus further comprisesmeans responsive to the prompt from said host for issuing an entity ID to said host;
      
      the encryption means at said host comprisesretrieval means coupled to the storage means of said host and adapted to receive the entity ID issued by said entity authentication apparatus for retrieving the host encryption key associated with said entity ID;
      
      cryptography means coupled to said retrieval means and said host digital encoder means for cryptographically applying the retrieved host encryption key to said digital signal.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verizon Laboratories Incorporated (Verizon Communications Inc.)
Original Assignee
GTE Laboratories Incorporated (Lumen Technologies, Inc.)
Inventors
Owens, Leslie D., Jueneman, Robert R., Worrest, Ralph, Davis, Alvah B.
Primary Examiner(s)
CANGIALOSI, SALVATORE A

Application Number

US08/164,311
Time in Patent Office

754 Days
Field of Search

380/23-25, 380/46, 380/49, 380/50
US Class Current

713/159
CPC Class Codes

H04W 12/03 Protecting confidentiality,...

H04W 12/06 Authentication

Method and apparatus for entity authentication

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for entity authentication

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links